Total
53 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-52080 | 1 Netgear | 2 Xr300, Xr300 Firmware | 2025-07-16 | N/A | 6.5 MEDIUM |
| In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the share_name parameter. | |||||
| CVE-2025-52081 | 1 Netgear | 2 Xr300, Xr300 Firmware | 2025-07-16 | N/A | 6.5 MEDIUM |
| In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the usb_folder parameter. | |||||
| CVE-2025-52082 | 1 Netgear | 2 Xr300, Xr300 Firmware | 2025-07-16 | N/A | 6.5 MEDIUM |
| In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the read_access parameter. | |||||
| CVE-2024-52013 | 1 Netgear | 8 R6400v2, R6400v2 Firmware, R7000p and 5 more | 2025-05-21 | N/A | 5.7 MEDIUM |
| Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at wiz_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2024-52014 | 1 Netgear | 8 R6400v2, R6400v2 Firmware, R7000p and 5 more | 2025-05-21 | N/A | 5.7 MEDIUM |
| Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at genie_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2024-52015 | 1 Netgear | 8 R6400v2, R6400v2 Firmware, R7000p and 5 more | 2025-05-21 | N/A | 5.7 MEDIUM |
| Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at bsw_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2024-52016 | 1 Netgear | 8 R6400v2, R6400v2 Firmware, R7000p and 5 more | 2025-05-21 | N/A | 5.7 MEDIUM |
| Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component wlg_adv.cgi via the apmode_dns1_pri and apmode_dns1_sec parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2024-52022 | 1 Netgear | 8 R6400v2, R6400v2 Firmware, R7000p and 5 more | 2025-05-21 | N/A | 8.0 HIGH |
| Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component wlg_adv.cgi via the apmode_gateway parameter. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | |||||
| CVE-2024-51011 | 1 Netgear | 6 R6400v2, R6400v2 Firmware, R7000p and 3 more | 2025-05-21 | N/A | 5.7 MEDIUM |
| Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2024-51021 | 1 Netgear | 6 R6400v2, R6400v2 Firmware, R7000p and 3 more | 2025-05-21 | N/A | 8.0 HIGH |
| Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a command injection vulnerability via the wan_gateway parameter at genie_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | |||||
| CVE-2024-52023 | 1 Netgear | 6 R6400v2, R6400v2 Firmware, R7000p and 3 more | 2025-05-21 | N/A | 5.7 MEDIUM |
| Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe2.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2024-52024 | 1 Netgear | 6 R6400v2, R6400v2 Firmware, R7000p and 3 more | 2025-05-21 | N/A | 5.7 MEDIUM |
| Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at wizpppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2024-52025 | 1 Netgear | 6 R6400v2, R6400v2 Firmware, R7000p and 3 more | 2025-05-21 | N/A | 5.7 MEDIUM |
| Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at geniepppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2024-52026 | 1 Netgear | 6 R6400v2, R6400v2 Firmware, R7000p and 3 more | 2025-05-21 | N/A | 5.7 MEDIUM |
| Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at bsw_pppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2024-51010 | 1 Netgear | 8 R6400v2, R6400v2 Firmware, R7000p and 5 more | 2025-05-21 | N/A | 8.0 HIGH |
| Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component ap_mode.cgi via the apmode_gateway parameter. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | |||||
| CVE-2024-50996 | 1 Netgear | 8 R6400v2, R6400v2 Firmware, R7000p and 5 more | 2025-05-07 | N/A | 5.7 MEDIUM |
| Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the bpa_server parameter at genie_bpa.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2024-51003 | 1 Netgear | 8 R6400v2, R6400v2 Firmware, R7000p and 5 more | 2025-05-07 | N/A | 5.7 MEDIUM |
| Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component ap_mode.cgi via the apmode_dns1_pri and apmode_dns1_sec parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2024-52018 | 1 Netgear | 2 Xr300, Xr300 Firmware | 2025-05-02 | N/A | 8.0 HIGH |
| Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at genie_dyn.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | |||||
| CVE-2024-52017 | 1 Netgear | 2 Xr300, Xr300 Firmware | 2025-05-02 | N/A | 5.7 MEDIUM |
| Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the passphrase parameter at bridge_wireless_main.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2024-51022 | 1 Netgear | 2 Xr300, Xr300 Firmware | 2025-05-02 | N/A | 5.7 MEDIUM |
| Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the ssid parameter in bridge_wireless_main.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||